package com.xiaolong.shiro;

import java.util.concurrent.atomic.AtomicInteger;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.springframework.beans.factory.annotation.Value;

/**
 * 密码错误次数
 * @author huxiaolong
 *
 */
public class RetryLimitHashedCredentialsMatcher extends HashedCredentialsMatcher {
	private Cache<String, AtomicInteger> passwordRetryCache;
	
	@Value("${maxRetryCont}")
	private int maxRetryCont;
	
	public RetryLimitHashedCredentialsMatcher(CacheManager cacheManager) {
		passwordRetryCache = cacheManager.getCache("passwordRetryCache"); 
	}
	
	@Override
	public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
		String username = (String) token.getPrincipal();
		AtomicInteger retryCount = passwordRetryCache.get(username);
		if (retryCount == null) {    
            retryCount = new AtomicInteger(0);    
            passwordRetryCache.put(username, retryCount);    
        }    
        if (retryCount.incrementAndGet() > maxRetryCont) {    
            // if retry count > 5 throw    
            throw new ExcessiveAttemptsException();    
        } 
        boolean matches = super.doCredentialsMatch(token, info);    
        if (matches) {    
            // clear retry count    
            passwordRetryCache.remove(username);    
        } 
		return matches;
	}
}
